diff options
| -rw-r--r-- | glx/glxcmds.c | 11 | ||||
| -rw-r--r-- | include/opaque.h | 1 | ||||
| -rw-r--r-- | os/utils.c | 8 |
3 files changed, 20 insertions, 0 deletions
diff --git a/glx/glxcmds.c b/glx/glxcmds.c index fb236b65e..2fc3f4cc8 100644 --- a/glx/glxcmds.c +++ b/glx/glxcmds.c @@ -275,6 +275,17 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId, ** Allocate memory for the new context */ if (!isDirect) { + /* Only allow creating indirect GLX contexts if allowed by + * server command line. Indirect GLX is of limited use (since + * it's only GL 1.4), it's slower than direct contexts, and + * it's a massive attack surface for buffer overflow type + * errors. + */ + if (!enableIndirectGLX) { + client->errorValue = isDirect; + return BadValue; + } + /* Without any attributes, the only error that the driver should be * able to generate is BadAlloc. As result, just drop the error * returned from the driver on the floor. diff --git a/include/opaque.h b/include/opaque.h index 6b8071c5b..a2c54aa6a 100644 --- a/include/opaque.h +++ b/include/opaque.h @@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display; extern _X_EXPORT int defaultBackingStore; extern _X_EXPORT Bool disableBackingStore; extern _X_EXPORT Bool enableBackingStore; +extern _X_EXPORT Bool enableIndirectGLX; extern _X_EXPORT Bool PartialNetwork; extern _X_EXPORT Bool RunFromSigStopParent; diff --git a/os/utils.c b/os/utils.c index 83d85cdda..bc5e7df4d 100644 --- a/os/utils.c +++ b/os/utils.c @@ -194,6 +194,8 @@ Bool noGEExtension = FALSE; Bool CoreDump; +Bool enableIndirectGLX = TRUE; + #ifdef PANORAMIX Bool PanoramiXExtensionDisabledHack = FALSE; #endif @@ -538,6 +540,8 @@ UseMsg(void) ErrorF("-fn string default font name\n"); ErrorF("-fp string default font path\n"); ErrorF("-help prints message with these options\n"); + ErrorF("+iglx Allow creating indirect GLX contexts (default)\n"); + ErrorF("-iglx Prohibit creating indirect GLX contexts\n"); ErrorF("-I ignore all remaining arguments\n"); #ifdef RLIMIT_DATA ErrorF("-ld int limit data space to N Kb\n"); @@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[]) UseMsg(); exit(0); } + else if (strcmp(argv[i], "+iglx") == 0) + enableIndirectGLX = TRUE; + else if (strcmp(argv[i], "-iglx") == 0) + enableIndirectGLX = FALSE; else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) { if (skip > 0) i += skip - 1; |